Andrew Gomez
Andrew Gomez is a seasoned cybersecurity professional with over 9 years of experience in penetration testing, red team engagements, and threat hunting. As a former Captain in the U.S. Army Cyber branch, he specialized in adversary detection and simulation. Currently, Andrew leads offensive security teams as Adversary Simulations Consultant at SpecterOps. Andrew holds a bachelor's degree in Computer Science from the University of North Georgia, a master's degree in Cybersecurity from Georgia Tech, and maintains several industry certifications from Offensive Security, ZeroPoint Security, SANS, and ISC2.
Session
Chromium-based browsers on Windows, such as Chrome and Edge, have adopted App-Bound Encryption to protect browser secrets, but attackers are still hungry and always find a way into the cookie jar. This talk dives into the internals of Chromium’s App-Bound Encryption mechanisms, revealing how a threat actor can extract sensitive data such as cookies and stored passwords while running either as a regular user or with SYSTEM privileges. We’ll walk through multiple proof-of-concept techniques for stealing browser secrets, highlight opportunities for detection and response, and show how this tradecraft plays out in real-world post-exploitation scenarios. And because one cookie is never enough, we’ll wrap up with a bonus: using stolen Entra ID cookies to pivot into the cloud.